From 99b76f7b11543153b1c8d4d6f093438f06ef5071 Mon Sep 17 00:00:00 2001
From: Aleksander <170264518+t-aleksander@users.noreply.github.com>
Date: Tue, 18 Jun 2024 10:01:01 +0200
Subject: [PATCH] fix: logout all sessions when mfa is enabled (#644)
---
 src/handlers/auth.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/handlers/auth.rs b/src/handlers/auth.rs
index 1da00d909..de277b421 100644
--- a/src/handlers/auth.rs
+++ b/src/handlers/auth.rs
@@ -210,7 +210,7 @@ pub async fn logout(
 /// Enable MFA
 pub async fn mfa_enable(
 cookies: CookieJar,
- session: Session,
+ _session: Session,
 session_info: SessionInfo,
 State(appstate): State,
 ) -> Result<(CookieJar, ApiResponse), WebError> {
@@ -220,9 +220,9 @@ pub async fn mfa_enable(
 if user.mfa_enabled {
 info!("Enabled MFA for user {}", user.username);
 let cookies = cookies.remove(Cookie::from("defguard_sesssion"));
- session.delete(&appstate.pool).await?;
+ user.logout_all_sessions(&appstate.pool).await?;
 debug!(
- "Removed auth session for user {} after enabling MFA",
+ "Removed auth sessions for user {} after enabling MFA",
 user.username
 );
 Ok((cookies, ApiResponse::default()))
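Review bot: Nothing in this commit pins the new behaviour of the second hunk: the diffstat lists only src/handlers/auth.rs, so no test accompanies the switch to `user.logout_all_sessions(&appstate.pool).await?;`. The security value of the change is that sessions established before the second factor existed stop being accepted, so a regression test with two logged-in clients of the same user, asserting that the second one is rejected after `mfa_enable` succeeds, would keep a later refactor from falling back to deleting only the caller's session. In the first hunk `_session: Session` is no longer used in the visible lines; if it is kept only so the extractor still demands a valid session, a short comment such as `// kept for the extractor's session check; all sessions are revoked below` would stop someone from removing it as dead code, and `/// Enable MFA` could say that every session of the user is invalidated. The body of `mfa_enable` starts and ends outside both hunks, so the branch taken when `user.mfa_enabled` is false is not covered by this note.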